Checking server logs today, I found all kinds of entries in the error log, including some exploit tries that I listed as the subject line. Those were the most frequent attempts, and the IPs involved are listed below:

I have entries for:

phpbb portal remote file include (I don’t use phpbb) exploit:
206.220.40.8
several entries for errors.php in different folders from:
212.227.60.81
62.87.154.41
83.220.144.232
92.48.83.200
trying different locations for an iframe script injection calling images, trying to inject attacker-supplied HTML and script code:
212.43.8.1
79.131.116.17
83.103.40.171
85.74.149.182
90.196.141.224
This is not an ASP server - dummy
86.47.47.190
96.232.83.140
Looking for signup, login pages in different nonexistent folders on server
80.86.83.28
- Nigerian hacker (ok - just a wannabe) another iframe script injection but the script is broken - should I tell him?
41.211.232.39

Why is this IP looking for bug log pages in random locations on my server - 16 tries in two days
67.159.30.246

On another note - crawl-1.cuill.com fix your crawler or cease and desist - it’s got to be the dumbest bot around

I didn’t bother listing the poor souls in China looking for an unlisted proxy, I hope they find one :)

I’m adding a mod_rewrite to send the offenders to a search on “example.com” from now on.
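
The error-log triage described in this post, as an added example that is not part of the original post: it groups "File does not exist" entries by the probe paths named in the post title and lists client IPs that hit them repeatedly. The Apache 2.2-style line format, the labels and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Assumed Apache 2.2-style error_log line; the post does not show its raw log lines.
LINE_RE = re.compile(r"\[client (?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\] "
                     r"File does not exist: (?P<path>\S+)")

# Paths come from the post title; pairing them with these labels is an assumption.
PROBES = [
    ("phpbb portal remote file include", re.compile(r"includes/functions_portal\.php$")),
    ("errors.php probe", re.compile(r"(^|/)errors\.php$")),
    ("ASP/FrontPage probe", re.compile(r"_vti_bin/owssvr\.dll$")),
    ("bug/login page probe", re.compile(r"bug/login_page\.php$")),
]

# Constructed sample lines (documentation IP ranges), not taken from the post.
SAMPLE = """\
[Mon Sep 08 10:12:01 2008] [error] [client 192.0.2.10] File does not exist: /var/www/html/forum/includes/functions_portal.php
[Mon Sep 08 10:12:05 2008] [error] [client 198.51.100.7] File does not exist: /var/www/html/errors.php
[Mon Sep 08 10:12:06 2008] [error] [client 198.51.100.7] File does not exist: /var/www/html/blog/errors.php
[Mon Sep 08 10:13:40 2008] [error] [client 203.0.113.5] File does not exist: /var/www/html/_vti_bin/owssvr.dll
[Mon Sep 08 10:14:02 2008] [error] [client 203.0.113.9] File does not exist: /var/www/html/bug/login_page.php
[Mon Sep 08 10:15:00 2008] [error] [client 192.0.2.44] File does not exist: /var/www/html/favicon.ico
""".splitlines()

def classify(path):
    """Return the probe label for a missing-file path, or None for ordinary 404s."""
    return next((label for label, rx in PROBES if rx.search(path)), None)

def summarize(lines):
    """Map probe label -> {client IP: hit count}, ignoring unrelated log lines."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LINE_RE.search(line)
        label = classify(m.group("path")) if m else None
        if label:
            hits[label][m.group("ip")] += 1
    return {label: dict(ips) for label, ips in hits.items()}

def repeat_offenders(summary, min_hits=2):
    """IPs whose probe hits, summed across all labels, reach min_hits."""
    totals = Counter()
    for ips in summary.values():
        totals.update(ips)
    return sorted(ip for ip, n in totals.items() if n >= min_hits)

if __name__ == "__main__":
    print(summarize(SAMPLE), repeat_offenders(summarize(SAMPLE)))
```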


2 Responses to “errors.php - bug/login_page.php - _vti_bin/owssvr.dll - includes/functions_portal.php”

  1. I’m thinking this blog has cobwebs on it! :) -Raw

  2. nah, it’s the line they tried to use for hacking. No it’s more like kiddie cracking…
